DNS Setup: GoDaddy -> AWS Route 53 -> Olympus-Grid Service Running on Salesforce.com
In the following procedure we will set up an Olympus-Grid service that is hosted on Salesforce.com.
Take the following use case:
Domain hosted on GoDaddy
DNS managed by AWS Route 53
Olympus-Grid running on Salesforce.com
Production HTTP endpoints require CA-signed X.509 certificates
DNS Setup
Within Route 53, set up a hosted zone for the service you are connecting (e.g. olympus-grid.ai)
Update the GoDaddy domain's nameservers to point to the AWS NS entries displayed within the hosted zone
In Salesforce, create the Custom Domain (e.g. olympus-logos.olympus-grid.ai)
Enter the Domain Name
Use a temporary non-HTTPS domain. TLS Certificates will be added in a separate procedure.
Save the record. This will error, but will give you the name of the server for the CNAME target (e.g. olympus-logos.olympus-grid.ai.00dfn000001fhaxea0.live.siteforce.com)
Do not close this screen. Open another tab to complete the next step; you will need to continue from this screen after the Route 53 configuration is complete.
Add a CNAME record to Route 53 for the subdomain (e.g. olympus-cosmos.olympus-grid.ai)
Record Name (e.g. olympus-logos)
Use the value from the step above (e.g. olympus-logos.olympus-grid.ai.00dfn000001fhaxea0.live.siteforce.com)
Save the Record
Return to the Salesforce.com Domain setup screen
Allow some time for the DNS settings to propagate
Save the record again, ensuring "Use a temporary non-HTTPS domain" is still selected
Once Salesforce detects the DNS change, the record will be saved successfully
Activate the Domain
Add a Custom URL to the Domain
Domain (e.g. olympus-logos.olympus-grid.ai)
Site (e.g. Portal - this would be the Olympus-Grid Service endpoint)
Path (e.g. /)
Save the Record
Validate that the content within the service endpoint (e.g. Portal) is now accessible via HTTP (e.g. http://olympus-logos.olympus-grid.ai)
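One way to check the propagation step above from a terminal before re-saving the Salesforce record, as an added example that is not part of the original procedure: it asks each authoritative name server of the zone whether the CNAME already points at the Salesforce target. It assumes `dig` is installed; the function names are made up for this example and the hostnames are the page's example values.

```shell
#!/usr/bin/env bash
# Added example: verify the Route 53 CNAME before re-saving the Salesforce domain.

# Lower-case a DNS name and drop whitespace and the trailing root dot.
normalize_name() {
  printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed -e 's/[[:space:]]//g' -e 's/\.$//'
}

# Reads `dig +short CNAME <name>` output on stdin. Succeeds only when the
# first answer equals the expected target; an empty answer is a failure.
cname_matches() {
  local expected answer
  expected=$(normalize_name "$1")
  read -r answer || true
  [ -n "$answer" ] && [ "$(normalize_name "$answer")" = "$expected" ]
}

# Queries every authoritative name server of the zone directly, so a cached
# answer from a recursive resolver cannot mask a missing or wrong record.
# Returns 0 when all agree, 1 when any lacks the record, 2 on no NS data.
check_propagation() {
  local zone="$1" record="$2" target="$3" seen=0 rc=0 ns
  for ns in $(dig +short NS "$zone"); do
    seen=$((seen + 1))
    if dig +short CNAME "$record" "@$ns" | cname_matches "$target"; then
      echo "OK    $ns"
    else
      echo "WAIT  $ns"
      rc=1
    fi
  done
  if [ "$seen" -eq 0 ]; then
    echo "no NS records returned for $zone" >&2
    return 2
  fi
  return "$rc"
}

# Usage with the page's example values (needs network access):
# check_propagation olympus-grid.ai olympus-logos.olympus-grid.ai \
#   olympus-logos.olympus-grid.ai.00dfn000001fhaxea0.live.siteforce.com
```

A WAIT line for any name server means the record is missing or points somewhere other than the target Salesforce displayed, so re-saving the domain record is likely to fail again.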
TLS Configuration Options
If using Salesforce.com Sites as your Service Endpoint:
Add a CA Signed TLS Certificate to protect the Custom Domain
If using Salesforce.com Digital Experience Cloud as a Service Endpoint, you must choose one of the following options:
Add a CA Signed TLS Certificate to protect the Custom Domain
Serve the domain with the Salesforce Content Delivery Network (CDN)
Salesforce will manage the TLS certificates
Use a third-party service or CDN to serve the domain
Not currently supported
Add a CA Signed TLS Certificate
The procedures for signing CA certificates differ by Certificate Authority.
This example uses AWS to GoDaddy for the certificate; however, any CA should be acceptable.
Inside Salesforce, add a Certificate
Create CA-Signed Certificate
Label (e.g. ai.olympus-grid.olympus-logos)
Unique Name (e.g. ai_olympus_grid_olympus_logos)
Common Name (e.g. olympus-logos.olympus-grid.ai)
Company
City
Country Code (e.g. US)
Key Size (e.g. 2048)
Email Address ([email protected])
Department (e.g. IT)
State/Province (e.g. Colorado)
Download the Certificate Signing Request
Upload the Request to the CA (e.g. GoDaddy)
Download the Keys
This typically includes root and intermediate keys
Upload the Certificate to Salesforce
e.g. olympus-logos.olympus-grid.ai-certificate.pem
Link the Domain to the Certificate
Return to the Domain Setup screen used to create the domain from above
Edit the Record
Change the Value from "Use a temporary non-HTTPS domain" that was selected above
Change it to "Serve the domain with your HTTPS certificate on Salesforce servers"
Choose the newly uploaded CA Signed Certificate
Save the record
Allow Salesforce time to provision the Domain
Reactivate the Domain
Allow Salesforce time to Republish the Custom URL
HTTPS should now be protecting the Olympus-Grid service endpoint
Next Steps
If this URL is set up as part of a router rule, you will need to specifically configure the router rules for the new domain. See the following procedure (WIP).
If you want to use a wildcard certificate, check the following article on wildcard SSL setup.